Beyond Internet security to risk management

Menu

Passport Friction

Ben Hyde has an interesting bunch of thoughts about verification friction:

We recently got new passports, a project that was at least a dozen times
more expensive and tedious than doing my taxes. I once had a web product
that failed big-time. A major contributor to that failure was tedium
of getting new users through the sign-up process. Each screen they had
to step triggered the lost of 10 to 20% of the users. Reducing the
friction of that process was key to survival. It is a thousand times
easier to get a cell phone or a credit card than it is to get a passport
or a learner’s permit. That wasn’t the case two decades ago.

—
Friction,
by Ben Hyde,
Ascription is an Anathema to any Enthusiasm,
10 May 2007

He mentions some cases where friction may actually be socially useful,
as in making it harder to get liquor and easier to get condoms,
or some automobile traffic engineering.
Then he gets to the especially interesting part.

In Internet identity, some camps are trying to raise the friction,
while others are trying to lower it:

Privacy and security advocates are attempting to lower the temp. and
increase the friction. Thus you get the mess around the passport,
real-id, and the banks. Wearing that hat it seems perfectly reasonable
that one should present photo id when you vote, or have your biometrics
captured if you cross a boarder. On the other hand there are those who
seek in the solution to the internet identity problem a way to raise
the temperature and lower the friction. That more rather than less
transactions would take place. That more blog postings garner good
coments, that more wiki pages will be touched up, that more account
relationships will emerge rather than less.

Ben sees this, at least in the Internet space, as a matter of striking
a balance.
I see much of it as counterproductive design.

For example,
one of Ben’s examples is banks requiring multiple pieces of information
to log in, which he has to share with his wife, since they share an account.
That’s an ancient problem, easily solved by letting multiple account users
have multiple accounts.
I don’t mean multiple bank accounts in this case; merely two online
accounts to access the bank account.

Ben points out that some of the political friction implemented in recent
years, such as making it harder for people to vote, may redound to the
benefit of a particular political party.
More difficult passports could, as well, because people travelling and
getting to know more about the world could redound to the benefit
of a different political party.
I might be for the passport procedures, if I thought they actually
did any good, but I’ve seen no evidence that they do.
One would think that before implementing changes that make it much
harder for people to get a document that they need to exercise a
basic right (travel) that a compelling case would be made for the
need for such changes.

For banks, doing something beyond simple username and password
has become necessary due to phishing, which most bank online users can
see for themselves.
The actual implementation may miss some stitches, as in Ben’s spouse
account sharing case.

For many of the non-Internet friction increases of recent years,
no such case has been made.